Setting Up Two Factor Authentication for Users

Select the user for which you would like to enable two-factor authentication.

Under Google Authenticator Settings, check the option Active.

Click Show/Hide QR code.

You should now be able to see an automatically generated QR code:

Open the Google Authenticator app on your smartphone and scan the QR code.
Alternatively, you can also set up your account manually. To do so, use the description and secret displayed for this user in WordPress.

You can now see a new entry for your website in the Google Authenticator app. The security code is updated every 30 seconds.

Click Update Profile.

The two-factor authentication is now set up for this user. From now on, use a new security code each time you log in.

Loggin in with Google Authenticator Code

Write Down Secret

For situations in which you don’t have access to the Authenticator, you can fall back on the secret to connect a new Authenticator.

Store the secret in a secure location. Pretty old-fashioned, but secure: Write it down on a piece of paper.

That’s it! Congratulations, your WordPress website has just become a bit more secure!

Please rate this post :★★★★★

12 thoughts on “Setting Up Two Factor Authentication with WordPress and Google Authenticator”

This is all well and good, but when will 1&1 provide for 2-factor authentication on its own Control Panel? If an attacker can gain access to my domain’s configuration account with just a password, it doesn’t matter how well I’ve secured anything else.

On a side note you could absolutely enable the option to logging into a customers control panel by IP address. Why don’t you all include that function as would seem easy to roll out without having to rely on 3rd party API’s or plugins or what have you….i would say that would be an option

not sure how this should work. You mean that a brower cookie should detect the IP address of your internet connection and log you in automatically? Nice idea, but I am not confident that this would be a safe login method. Besides, most of our customers don’t have a static IP address, their internet providers switch their IP everytime their broadband connection restarts.